Overview Introduction Background Target Application Vulnerability - - PowerPoint PPT Presentation

SLIDE 1

Universiteit van Amsterdam

System and Network Engineering

Effectiveness of Automated Application Penetration Testing Tools

ALEXANDRE FERREIRA HARALD KLEPPE

SLIDE 2

Overview

  • Introduction
  • Background
  • Target Application
  • Vulnerability Scanners
  • Test Results
  • Conclusion
  • Questions
SLIDE 3

Introduction

  • Are automated penetration testing tools effective?

– What is automated with these tools, and how?
– How much manual intervention is required to process the results? (false positives / negatives)
– What are the most effective tools?
– What level of effectiveness is acceptable / necessary to properly support pentesters?

SLIDE 4

Background

  • OWASP Top 10 Project
  • What is a Penetration Test?
  • What is a Penetration Testing Tool?
SLIDE 5

Target Application

  • Why a new application?

– Other tools (HacmeBank, WebGoat, ...)
– Known implementations

  • Which vulnerabilities are implemented, and how?

– Let's have a look!

SLIDE 6

Target Application (2)

  • SQL Injection

– In URL and in HTML form

  • Cross Site Scripting (XSS)

– Stored and reflected

  • Cross Site Request Forgery (CSRF)
  • Path traversal
  • Failure to restrict URL access
  • Printed error
SLIDE 7

Vulnerability Scanners

  • Tool selection

– Both open source and commercial tools
– Established tools
– New players
– Some tools: €10 000 per year

SLIDE 8

Vulnerability Scanners (2)

Commercial

  • Acunetix
  • BurpSuite Pro
  • Core Impact
  • IBM AppScan
  • NTOSpider
  • ParosPro
  • Qualys

Open Source

  • Paros
  • Skipfish
  • w3af
  • ZAProxy
SLIDE 9

Vulnerability Scanners (3)

SLIDE 10

Vulnerability Scanners (4)

SLIDE 11

Test Results

  • Low hit rate, differing from other research
  • None of the tools “passed” this test
SLIDE 12

Test Results (2)

Table: which tool category detected each vulnerability type

Vulnerability Type (rows): Path traversal; CSRF; Reflected XSS; Stored XSS; Failure to restrict URL access; SQL Injection (in URL); SQL Injection (in HTML form); Printed error message

Tools (column entries, in extracted order): Commercial; Commercial; Commercial; Commercial; Commercial; Commercial; Open Source; Commercial; Commercial; Open Source; Open Source; Open Source
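The table above compares tool findings against the vulnerabilities deliberately planted in the target application (slide 6). As an added example, not part of the presentation and not the authors' measurement code, the following script shows the scoring logic such a comparison rests on: the planted vulnerabilities are the ground truth, each scanner's findings are matched against it, and the hit rate (true positives over planted) and the share of findings a pentester must discard by hand (false positives) are derived. The tool names, finding locations and reports are all constructed for illustration.

```python
"""Score scanner findings against the vulnerabilities planted in a
deliberately vulnerable target application.

Added example; the scanner names, locations and reports below are
constructed and are not the presentation's measurements.
"""
from dataclasses import dataclass

# Vulnerability classes the presentation says were planted (slide 6).
# The location labels are constructed placeholders.
PLANTED: set[tuple[str, str]] = {
    ("sqli", "/search?q="),            # SQL injection in URL
    ("sqli", "/login form"),           # SQL injection in HTML form
    ("xss", "/guestbook stored"),      # stored XSS
    ("xss", "/profile reflected"),     # reflected XSS
    ("csrf", "/transfer"),             # cross-site request forgery
    ("path_traversal", "/download?file="),
    ("url_access", "/admin"),          # failure to restrict URL access
    ("info_leak", "/debug error"),     # printed error message
}


@dataclass(frozen=True)
class Score:
    tool: str
    true_positives: int
    false_positives: int
    false_negatives: int

    @property
    def hit_rate(self) -> float:
        """Fraction of planted vulnerabilities the tool reported."""
        return self.true_positives / (self.true_positives + self.false_negatives)

    @property
    def manual_review_ratio(self) -> float:
        """Share of reported findings that are false and must be discarded by hand."""
        total = self.true_positives + self.false_positives
        return self.false_positives / total if total else 0.0


def score_tool(tool: str, reported: set[tuple[str, str]],
               planted: set[tuple[str, str]] = PLANTED) -> Score:
    """Compare one tool's findings with the ground truth via set arithmetic."""
    tp = reported & planted          # planted and reported
    fp = reported - planted          # reported but never planted
    fn = planted - reported          # planted but missed
    return Score(tool, len(tp), len(fp), len(fn))


def rank_tools(reports: dict[str, set[tuple[str, str]]]) -> list[Score]:
    """Rank tools by hit rate, then by fewest false positives."""
    scores = [score_tool(tool, found) for tool, found in reports.items()]
    return sorted(scores, key=lambda s: (-s.hit_rate, s.false_positives))


def undetected_by_all(reports: dict[str, set[tuple[str, str]]],
                      planted: set[tuple[str, str]] = PLANTED) -> set[tuple[str, str]]:
    """Planted vulnerabilities that no tool reported: what manual testing must cover."""
    union: set[tuple[str, str]] = set()
    for found in reports.values():
        union |= found
    return planted - union


# Constructed output of two hypothetical scanners.
SAMPLE_REPORTS: dict[str, set[tuple[str, str]]] = {
    "tool_a": {("sqli", "/search?q="), ("xss", "/profile reflected"),
               ("info_leak", "/debug error"),
               ("xss", "/contact reflected")},   # not planted: a false positive
    "tool_b": {("sqli", "/search?q="), ("sqli", "/login form"),
               ("path_traversal", "/download?file="), ("csrf", "/transfer")},
}

if __name__ == "__main__":
    for s in rank_tools(SAMPLE_REPORTS):
        print(f"{s.tool}: hit rate {s.hit_rate:.0%}, "
              f"{s.false_positives} false positive(s), {s.false_negatives} missed, "
              f"{s.manual_review_ratio:.0%} of findings need discarding")
    print("undetected by every tool:", sorted(undetected_by_all(SAMPLE_REPORTS)))
```

Matching on (class, location) pairs rather than on vulnerability class alone is what lets the score distinguish the two SQL injection and two XSS instances the presentation lists separately; the same scoring can be extended to per-tool results for each of the commercial and open source products named on slide 8.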

SLIDE 13

Test Results (3)

  • Insufficient dataset to compare the tools generally
  • Relying on crawling engines proves to be dangerous
SLIDE 14

Conclusion

  • Scanners are conditionally effective
  • Nearly the entire scan can be automated
  • A fair amount of manual intervention is still required
  • For our application: Skipfish + BurpSuite
  • Necessary effectiveness
SLIDE 15

Conclusion (2)

  • Further research

– Crawling abilities of different scanners
– Selective scanning

SLIDE 16

Questions?

(The closing slide repeats the word "Questions" in Portuguese, Norwegian, German, Polish, Greek, English, Bulgarian and Dutch.)